[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#160813: marked as done (cgiemail:/etc/cgiemail.conf is not consulted)

Colin Watson <cjwatson@debian.org> writes:

> On Sat, Sep 28, 2002 at 06:33:18AM -0500, Debian Bug Tracking System wrote:
> >  cgiemail (1.6-15) unstable; urgency=low
> >  .
> >    * QA upload.
> >    * Null-terminate templatedir, and make sure it really does get checked
> >      (closes: #160813).
> Sorry, this should have been urgency=high.
> I think a stable-security upload will be needed as well. Here's the
> relevant part of the diff I used:

While you're at it, please make sure cgiemail doesn't accept templates
when there is no /etc/cgiemail.conf.  As it is, the vulnerability is
still open between unpacking and configuration.

Also, I think cgiemail.pod lacks the structure and the style of a man
page, and makes us look really lazy. :-)  Bug#6302, the reason it was
written, was submitted back when the binaries were in /usr/bin; since
the user doesn't invoke them directly, we can do without it.

BTW, the postrm should remove /etc/cgiemail.conf.



Reply to: